The present invention relates to a system architecture and a processing mechanism for automatically logging in to a web application.
The enterprise information system (EIS) is proceeding from the traditional client server system to the three-tier system based on the web (world wide web) technology. Until now, various businesses are implemented as web applications to improve the business efficiency. On the other hand, as a result, a large number of EISs are present respectively for businesses in the enterprise. The user is compelled to conduct complicated operations such as going round these systems and logging in to respective systems in order to accomplish daily business. Attention is paid to the single sign-on technology in order to solve this problem. The single sign-on is a login mechanism in which all systems are made available by only conducting login operation only once and receiving authentication when utilizing a plurality of systems which require authentication.
For implementing single sign-on to an enterprise information system (EIS), i.e., a web application, processing corresponding to an authentication mechanism or a session management mechanism of the web application becomes necessary. On the other hand, HTTP and HTML for implementing the web application have been developed originally with the object of a document publishing system. Therefore, it can be said that HTTP and HTML are insufficient in power as the execution basis of the web application. For example, HTTP which is a communication protocol does not have a session management mechanism, because HTTP is a stateless communication protocol. In addition, HTTP does not provide an authentication mechanism. Therefore, it is necessary to individually build the basic function of the web applications such as the authentication mechanism and the session management mechanism in each application. In recent years, frameworks for developing and executing a web application, such as J2EE (Java 2 Platform, Enterprise Edition) of Sun Microsystems (Java is a trademark of Sun Microsystems) and .NET Framework of Microsoft, are prepared, and the authentication mechanisms and session management mechanisms are narrowed down to some degree. However, they are not narrowed down to one. For implementing the single sign-on in the web application, therefore, it is necessary to build in a single sign-on mechanism corresponding to the authentication mechanism and the session management mechanism in the web application individually built in.
As the single sign-on implementing mechanism, various methods have been proposed in JP-A-2005-321970, JP-A-2003-141081, JP-A-2003-58503, JP-A-2002-32340, JP-A-2002-41380 and JP-A-2002-334056 so as to correspond to the authentication mechanism and the session management mechanism in the web application.
As products for implementing single sign-on, there is, for example, SiteMinder (trademark) of Netegrity Corporation.
A large number of enterprise information systems (EISs) are present for businesses in the enterprise. The user is compelled to conduct complicated operations such as going round these systems and logging in to respective systems in order to accomplish daily business. Attention is paid to the single sign-on technology in order to solve this problem.
Several products for implementing the single sign-on are also known. For applying these products, however, it is necessary to generally modify the enterprise information systems (EISs). The construction period and the construction cost for implementing the single sign-on tend to increase. In constructing an IT system, shortening of the construction period and the cost performance benefit are demanded. In these products, achievement of this demand is difficult in some cases.
Furthermore, it is also possible to implement the single sign-on by analyzing the authentication mechanism and the session management mechanism in existing enterprise information systems. A system engineer who conducts this is required to have a deep knowledge of a lower layer such as HTTP and HTML which are basic technologies of the web application besides knowledge concerning the business logic and the IT technology of the upper layer. As a result, the single sign-on implementing mechanism becomes a cluster of the know-how (implicit knowledge) of the system engineer. In implementing the single sign-on, the technological hurdle and cost become high. Furthermore, when communication is subject to encryption using a SSL (Secure Socket Layer) or the like, analysis is substantially difficult.